Cybersecurity Posture Grows In Importance In Mergers and Acquisitions

In mergers and acquisitions (M&A), corporate acquirers are increasingly aware of the need for vigorous cybersecurity due diligence, yet often lack the proper personnel to conduct thorough analyses, according to a new study by technology consulting firm West Monroe Partners and research firm Mergermarket.

As the importance of big data and IT rises across industries, cybersecurity has become a vital area to assess at deal targets, according to the study, which included interviews with 30 North America-based senior M&A practitioners.

About three quarters (77%) of the participants said the importance of cybersecurity issues at M&A targets had increased significantly over the last two years, due to the increase in corporate data breaches and the liabilities that can be incurred as a result.

Vulnerable security systems can also indicate poor risk management at a company.

“In the last 18 to 24 months, we have really started to see the importance of cybersecurity resonate with our clients,” said Matt Sondag, managing director at West Monroe Partners. “When a data breach lands on the front page of CNN.com or The Wall Street Journal, companies start to pay closer attention to the issue.”

Among the key findings from the report: 80% of respondents said cybersecurity issues have become highly important in the M&A due diligence process; 70% said compliance problems are one of the most common types of cybersecurity issues uncovered during due diligence; more than one third (40%) of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.